Timely Advice on IAM, Asset Management

'Use Cases' to Offer Insights for Addressing Cybersecurity Risks

Listen Now

Cybersecurity risks posed by inadequate IAM and IT asset management are mounting. Now the National Cybersecurity Center of Excellence has drafted guidance to address banking institutions' unique risks, says Nate Lesser, the center's deputy director.

The center will accept comments through Dec. 18 on its drafts of two use cases providing guidance. Early next year, it will publish final versions designed to help banking institutions address identity and access management as well as IT asset management challenges using readily available technologies, Lesser says.

"We hope to hear from more institutions," he says. "Comments will be incorporated into the use cases."

The NCCoE is a partnership between the National Institute of Standards and Technology, the state of Maryland and Montgomery County, Md., that's pushing for the integration and adoption of practical cybersecurity solutions (see How Will NIST Framework Affect Banks?).

"One of the things that makes the NCCoE unique is that we are focused on technology that is commercially available today," Lesser says in an interview with Information Security Media Group. "We recognize there is often a gap between what is available and what is deployed."

Because the financial services industry relies so heavily on mainframe architecture, its IAM risks and challenges differ from other industries, Lesser adds. "Common use of identity is an issue," he says. "Similarly, IT asset management becomes very hard," he adds, including ensuring systems are sufficiently patched.

During this interview, Lesser discusses:

How IAM and IT asset management is impacting the nation's critical infrastructure;

Steps the NCCoE is taking to get vendors and other technology providers involved; and

How banking institutions can build these recommendations into their cybersecurity infrastructure plans.

Since assuming his role with the NCCoE in December 2012, Lesser has been the center's principal liaison to collaborators, cultivating relationships with leading technology companies, public and private sector executives and national experts. He also oversees the center's collaborative engineering initiatives, which engage with communities of interest to explore and address intractable cybersecurity issues both within and across industry sectors. Before joining NCCoE, Lesser managed a team of cybersecurity engineers at Booz Allen Hamilton and was a presidential management fellow with the Office of Management and Budget.